[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Mar 20 14:35:57 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a538a9e by Salvatore Bonaccorso at 2019-03-20T14:35:23Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7587,23 +7587,23 @@ CVE-2019-6737
 CVE-2019-6736
 	RESERVED
 CVE-2019-6735 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-6734 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-6733 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-6732 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-6731 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-6730 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-6729 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-6728 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-6726
 	RESERVED
 CVE-2019-6725
@@ -8346,7 +8346,7 @@ CVE-2019-6443 (An issue was discovered in NTPsec before 1.1.3. Because of a bug
 CVE-2019-6442 (An issue was discovered in NTPsec before 1.1.3. An authenticated attac ...)
 	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
 CVE-2019-6441 (An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0 ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Coship devices
 CVE-2019-6440 (Zemana AntiMalware before 3.0.658 Beta mishandles update logic. ...)
 	NOT-FOR-US: Zemana AntiMalware
 CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through  ...)
@@ -8727,13 +8727,13 @@ CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::P
 	[stretch] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/2814
 CVE-2019-6282 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
-	TODO: check
+	NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
 CVE-2019-6281
 	RESERVED
 CVE-2019-6280
 	RESERVED
 CVE-2019-6279 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
-	TODO: check
+	NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
 CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
@@ -8763,9 +8763,9 @@ CVE-2019-6277
 CVE-2019-6276
 	RESERVED
 CVE-2019-6275 (Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-L ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
 CVE-2019-6274 (Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M- ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
 CVE-2019-6273 (download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 all ...)
 	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
 CVE-2019-6272 (Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite ...)
@@ -13527,7 +13527,7 @@ CVE-2019-4096
 CVE-2019-4095
 	RESERVED
 CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4093
 	RESERVED
 CVE-2019-4092
@@ -14913,11 +14913,11 @@ CVE-2019-3498 (In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x b
 CVE-2018-20654
 	RESERVED
 CVE-2019-3497 (An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x ...)
-	TODO: check
+	NOT-FOR-US: Wifi-soft UniBox controller devices
 CVE-2019-3496 (An issue was discovered on Wifi-soft UniBox controller 3.x devices. Th ...)
-	TODO: check
+	NOT-FOR-US: Wifi-soft UniBox controller devices
 CVE-2019-3495 (An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x ...)
-	TODO: check
+	NOT-FOR-US: Wifi-soft UniBox controller devices
 CVE-2019-3494 (Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteC ...)
 	NOT-FOR-US: Simply-Blog
 CVE-2018-20653
@@ -15350,9 +15350,9 @@ CVE-2018-20558 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/syst
 CVE-2018-20557 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?r ...)
 	NOT-FOR-US: DouCo DouPHP
 CVE-2018-20556 (SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordP ...)
-	TODO: check
+	NOT-FOR-US: Booking Calendar plugin for WordPress
 CVE-2018-20555 (The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress all ...)
-	TODO: check
+	NOT-FOR-US: Design Chemical Social Network Tabs plugin for WordPress
 CVE-2018-20554
 	RESERVED
 CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len  ...)
@@ -16526,11 +16526,11 @@ CVE-2018-20222
 CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are  ...)
 	TODO: check
 CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
-	TODO: check
+	NOT-FOR-US: Teracue ENC-400 devices
 CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
-	TODO: check
+	NOT-FOR-US: Teracue ENC-400 devices
 CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
-	TODO: check
+	NOT-FOR-US: Teracue ENC-400 devices
 CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos  ...)
 	{DLA-1643-1}
 	- krb5 1.16.2-1 (low; bug #917387)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a538a9e88a885658c7f220890d813f310b07da8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a538a9e88a885658c7f220890d813f310b07da8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190320/4aa8dba5/attachment.html>

More information about the debian-security-tracker-commits mailing list